A ransomware cyberattack can seriously hurt your bottom line, but not just because you have to pay a ransom. When a network is infected with ransomware, this can freeze all business activity – and revenue – until the ransom is paid. Worst of all, in many cases, the files remain permanently encrypted – and effectively lost – even after you’ve paid the ransom. Because of their limited resources, small businesses are especially vulnerable to the disruption and loss of business caused by this crime, so it’s crucial to prepare and respond in the right ways.
- Stay up to Date
Whether your business uses Windows or Apple operating systems, keeping them up to date is essential. Set your OS to update automatically or to check for new updates regularly. This way, new security patches will be installed as soon as they’re available. Because out-of-date applications can also provide an entry point for malware, it’s important to keep your programs updated too.
- Back up Your Files
Good preparation is key. Start by investing in backup services and technology to provide operational continuity in the event of an attack. Set up daily, automatic, full-system backups through a cloud-based service, and regularly back up your data on a hard drive that stays disconnected between backups too (some ransomware can infect devices that stay connected). If an attack infects your whole network, you’ll be able to wipe your computers and reload them with a pre-attack version of your system. You may lose a few hours of work, but that’s nothing compared to losing all your work.
- Have the Right Software
Do some research or speak with a security professional to make sure you have the right amount of protection, including a firewall and antivirus software. Because most ransomware attacks start from an unsafe website or email, set up a pop-up blocker for your internet browser and install an application to scan your emails for security threats and capture suspicious messages. You can designate trusted senders in your email program so that their messages aren’t caught by the filter.
- Be Careful Online
Good email and web browsing practices can help reduce the risk of malware. Make sure you and your team understand how to recognize and block suspicious emails, as well as how to tell if a site is trustworthy. There are a number of browser extensions you can use to identify websites with a bad reputation.
- Create a Plan
If one of your devices is infected, what will you do? What if the attack is network-wide? Good planning supports a faster response, which should include quickly isolating an affected device from your network so the malware can’t spread. Once a device is separated, you or an IT professional can safely clean up the drive and restore its contents to the uninfected, backed-up version.
- Create and Communicate Policies
Once your plan is in place, take time to communicate your ransomware protocol to employees and educate them about ways to reduce the risk of an attack. It’s also good to establish a clear policy for network use to help workers meet your expectations for appropriate internet use and help minimize risk to your network.